Hello, I am in middle of building my own cms, as I see opensource cms are vulnerable to attacks, as it's opensource anyone can see the source. I am wondering how to test a script such as how many users are online based on IP, as I don't have that many servers with different IP, how would I go about testing the script.
You don't make sense. I've been coding php for years, should know a thing or two about security. You just make a bold statement like that without backing up really convinces people.
even i think open source is better... in closed source there are very limited number of people who contribute to the development..and that too they do for money..where as in open source people do it as a passion...
Your statements are ridiculous, Kaizoku. Yes, it is true that with open source, everyone has access to the codebase. What does that have to do with the apps' security? If more people can see and change the code, it is more likely the code will be sound - as other people test, rewrite and improve on the original code. Most security holes in both proprietary and open source software has got nothing to do with the app being either one - it has got to do with bad coding practices, lousy testing and plain, simple error. One person coding his own CMS - well, it will maybe be a little more secure, if you look at it as one man, one webpage - ie. you're the only user. Why would anyone bother attacking your site when there is so many other sites using well known software with possible exploits ready for the script kids? But, security through obscurity == no secuirty at all. Open source is very good. Or, maybe you want to tell me that *BSD-boxes running secure apps are prone to hacking? They aren't. And everything about them are open source. *BSD used to be considered the most secure OS around for the x86/sparc-private market - it might have changed lately, I haven't kept up, but I doubt many other OSes have passed it.